motor

corvette97 · 04-20-2006, 01:15 AM

Well i stop using my computer during the holy week and started using it yesterday and as usual, i opened mozilla and felt the computer was a bit slow, then i opened my music folder and searched a song and played it, using windows media player as usual, and i felt again the slow reaction. then i opened my personal folder and the music skipped and i heard how the music played like it was in slow motion just for like 5 seconds or so. its very anoying since this never happened before. i DL a free version of winamp, to see if the player was wrong but no, it happens the same. the computer feel slower and every time i open another application while listening music, the same thing happens...

i searched for virus and nothin came out...

any idea... that would be helpfull

thanxs vette

Fleischmann · 04-20-2006, 02:21 AM

Well, press Ctrl Alt Del to see if any application consumes too much memory and processing power. Or try SpyDoctor, it is more probable that you have spyware installed rather than a virus.

AlienDB7 · 04-20-2006, 03:01 AM

Probably spyware, try to get a spyware scanner such as Adaware.

Hopefully it's nothing hardware related. Sometimes when a HD is failing, you may feel slowness like that...

Good luck

corvette97 · 04-21-2006, 05:12 PM

well, i ran a spyware doctor and it says i have 16 infected files... it that too bad?

either ways i got a trial version and i dont know how to delete those files?

im dl'ing ad ware and see if i can delete with that one...

Fleischmann · 04-21-2006, 06:05 PM

hmmm...that's strange,it should clean it...try this link: http://www.loader.pl/modules.php?nam...=getit&lid=419

I know I dowloaded from this site and the program fixed the problems, it worked wonders.

antonioledesma · 04-21-2006, 09:38 PM

that is what you get when seeing porn sites and click the banners that say "win at poker"

use lavasoft ad-aware.
but first backup your registry

corvette97 · 04-22-2006, 12:33 AM

well, 3 ppl use this computer...

the odd thing is that from one day to another all starter to act like that

AlienDB7 · 04-22-2006, 05:19 AM

If you force every user of your computer to use Mozilla or Firefox instead of IE, that should greatly reduce the chance of getting infected by spyware. Common sense on what software to install helps too... :roll:

bmwmpower · 04-22-2006, 08:49 AM

use adware program, there re various of types and alot of developers, browse www.download.com and u will find what ever u want, BTW re u surfing on pornsites ? cos mostly they re full of spyware

corvette97 · 04-22-2006, 10:04 AM

we all use mozilla mate, no problems there...

i certainly dont visit porn sites, and i dont think my 9 year old bro does either.

now, at first adware said 16 infected files...now it says 0
spy doctor, at first said 16 infected files... now it says 4, but i cant delete them with the trial version and that i need to regrister...

can i delete those manually?, i know the name of the file and location...

corvette97 · 04-27-2006, 12:32 AM

still in the need for help, i already ran like 5 ad ware scans and deleted all infected files...

i've been doing some tests and this is what i can see...

in the task manager i can see that my music skips when i open a program or need a new mozilla window the CPU use graph shoots to 100%, this happens when i select a new song too

there are 42 processes active and mostly all of them have a 00 in CPU, theres a particular one thats called inactive process of the system (guess thats the right translation, my computer is in spanish) and the numbers in CPU change beetween 85 and 94, i tried to end the process but the task manager doesnt allow it

help please...

DeMoN · 04-27-2006, 01:46 AM

First of all, download hijackthis and do a "scan and save log" then copy and paste text here.

corvette97 · 04-27-2006, 10:27 AM

Logfile of HijackThis v1.99.1
Scan saved at 08:25:17 a.m., on 27/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Archivos de programa\McAfee\McAfee VirusScan\alogserv.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\ARCHIV~1\KEMailKb\KEMailKb.EXE
C:\Archivos de programa\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\Archivos de programa\mobile PhoneTools\WatchDog.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Archivos de programa\Netropa\Onscreen Display\OSD.exe
C:\Archivos de programa\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Archivos de programa\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Archivos de programa\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Archivos comunes\Network Associates\McShield\Mcshield.exe
C:\Archivos de programa\McAfee\McAfee VirusScan\Avconsol.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Cliente\Escritorio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Alogserv] C:\Archivos de programa\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KEMailKb] C:\ARCHIV~1\KEMailKb\KEMailKb.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Archivos de programa\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WatchDog] C:\Archivos de programa\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Archivos de programa\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Archivos de programa\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Archivos de programa\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Archivos de programa\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Archivos de programa\Archivos comunes\Network Associates\McShield\Mcshield.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Archivos de programa\Netropa\Multimedia Keyboard\nhksrv.exe

thanx Demon!

corvette97 · 04-27-2006, 09:54 PM

Demon? help please!

DeMoN · 04-28-2006, 12:26 PM

It doesnt look bad, it looks fairly clean. I would get rid of all those Yahoo toolbar thingies so using hijackthis DELETE:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ttp://www.yaho o.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/...ttp://www.yaho o.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/...ttp://www.yaho o.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ttp://www.yaho o.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/...ttp://www.yaho o.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/...ttp://www.yaho o.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)

After this, you MUST install a program that will real-time protect you so they dont try to make it back. ill PM you with suggestions.